main/auth/reset.php (2 issues)

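<?php

/* For license terms, see /license.txt */

/**
 * Password reset page, reached from the link that lostPassword.php sends.
 *
 * The confirmation token arrives in the query string (and, on submit, in a
 * hidden field). It is used to look the user up; the new password is stored
 * only while the token is still within the configured TTL. Every request,
 * GET or POST, goes through the same token/expiry gate before the form is
 * built, so a stale link is refused before the user types anything.
 */
require_once __DIR__.'/../inc/global.inc.php';

/**
 * Normalises a confirmation token taken from the request.
 *
 * Only a non-empty alphanumeric string survives; anything else (missing
 * value, an array from `?token[]=`, characters outside [A-Za-z0-9]) becomes
 * '' so the caller can treat it as "no token" without querying the database.
 *
 * @param mixed $raw value as found in $_GET / the posted form values
 *
 * @return string the token, or '' when it is unusable
 */
$normalizeToken = static function ($raw) {
    return is_string($raw) && ctype_alnum($raw) ? $raw : '';
};

// Token lifetime in seconds. The platform setting is a string and may be
// missing, empty or zero; all of those fall back to one hour, as before.
$ttl = (int) api_get_setting('user_reset_password_token_limit');
if ($ttl <= 0) {
    $ttl = 3600;
}

$token = $normalizeToken($_GET['token'] ?? '');

// An empty token is never looked up: a lookup on '' could only ever match
// a row whose token column happens to be empty, never a real reset request.
/** @var \Chamilo\UserBundle\Entity\User|null $user */
$user = '' === $token
    ? null
    : UserManager::getManager()->findUserByConfirmationToken($token);

if (!$user) {
    Display::addFlash(
        Display::return_message(get_lang('LinkExpired'), 'error')
    );

    header('Location: '.api_get_path(WEB_PATH));
    exit;
}

// Refuse a stale link up front. The POST handler used to be the only place
// this was checked, so an expired link still rendered the form and the user
// learned of the expiry only after submitting a password.
if (!$user->isPasswordRequestNonExpired($ttl)) {
    Display::addFlash(
        Display::return_message(get_lang('LinkExpired'), 'warning')
    );

    header('Location: '.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php');
    exit;
}

// Build the form. The token travels both in the action URL (so $_GET['token']
// is present on POST as well) and in a hidden field; the two must agree on
// submit.
$form = new FormValidator('reset', 'POST', api_get_self().'?token='.$token);
$form->addElement('header', get_lang('ResetPassword'));
$form->addHidden('token', $token);
if (!empty($_GET['rotate'])) {
    $form->addElement(
        'html',
        Display::return_message(get_lang('PasswordExpiredPleaseSetNewPassword'), 'warning')
    );
}

$form->addElement(
    'password',
    'pass1',
    get_lang('Password'),
    [
        'show_hide' => true,
    ]
);
$form->addElement(
    'password',
    'pass2',
    get_lang('Confirmation'),
    ['id' => 'pass2', 'size' => 20, 'autocomplete' => 'off']
);
$form->addRule('pass1', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('pass2', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule(['pass1', 'pass2'], get_lang('PassTwo'), 'compare');
$form->addPasswordRule('pass1');
$form->addNoSamePasswordRule('pass1', $user);
$form->addButtonSave(get_lang('Update'));

if ($form->validate()) {
    $values = $form->exportValues();
    $password = $values['pass1'];

    // The hidden field gets the same normalisation as the query-string token
    // (it used to go to the lookup unfiltered) and must name the same reset
    // request that already passed the gate above; a legitimate submit always
    // carries the token the form was built with.
    $postedToken = $normalizeToken($values['token'] ?? '');

    if ($postedToken === $token) {
        $user->setPlainPassword($password);
        $userManager = UserManager::getManager();
        $userManager->updateUser($user, true);

        // One-shot link: clear the token and the request timestamp so the
        // same URL cannot be replayed.
        $user->setConfirmationToken(null);
        $user->setPasswordRequestedAt(null);

        Database::getManager()->persist($user);
        Database::getManager()->flush();

        // A forced first-login renewal is satisfied by this reset.
        if (api_get_configuration_value('force_renew_password_at_first_login')) {
            $extraFieldValue = new ExtraFieldValue('user');
            $value = $extraFieldValue->get_values_by_handler_and_field_variable($user->getId(), 'ask_new_password');
            if (!empty($value) && isset($value['value']) && 1 === (int) $value['value']) {
                $extraFieldValue->delete($value['id']);
            }
        }

        // Password rotation bookkeeping: record when this password was set (UTC).
        if (api_get_configuration_value('security_password_rotate_days') > 0) {
            $extraFieldValue = new ExtraFieldValue('user');
            $date = api_get_local_time(
                null,
                'UTC',
                'UTC',
                null,
                null,
                null,
                'Y-m-d H:i:s'
            );
            $extraFieldValue->save(
                [
                    'item_id' => $user->getId(),
                    'variable' => 'password_updated_at',
                    'value' => $date,
                ]
            );
        }

        Display::addFlash(Display::return_message(get_lang('Updated')));
        header('Location: '.api_get_path(WEB_PATH));
        exit;
    }

    // Token mismatch: report it and fall through to render the form again.
    Display::addFlash(
        Display::return_message(get_lang('LinkExpired'))
    );
}

$htmlHeadXtra[] = api_get_password_checker_js('#username', '#reset_pass1');

$tpl = new Template(null);
$tpl->assign('content', $form->toHtml());
$tpl->display_one_col_template();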